Important message regarding recent fraudulent emails at UBC

November 28, 2013

To: all UBC Students, Faculty, and Staff

There has been an increase in spam and “phishing” emails recently. These can appear to come from official UBC sources, but are actually attempting to acquire confidential usernames and passwords (“credentials”) to gain access to your accounts and use them for illegitimate purposes. Despite our best efforts, spam emails have become more sophisticated and targeted and will continue to show up in your email inbox.

How to protect yourself against malicious email:

1. Question authenticity: Emails can be made to look like they come from anyone (even a trusted source). But, UBC will NEVER ask you to update your personal login information via a link in an email. If you receive an email asking you to do this, assume it is fraudulent and do not follow the links.

2. Check all links before clicking: Be aware that website links can appear to be legitimate and correct, but may include a hidden code that actually sends you to another site. These fraudulent sites are often exact duplicates of real sites and can easily trick people into entering personal information. If you’re unsure, always manually type the correct website address into your browser to make sure you’re on an authentic site.

3. Ignore “Account Emergency” emails: Ignore and delete emails that talk about an emergency with your account, or virus infections. Emails about urgent situations that require you to act right away are typically fraudulent.

4. Check for known phishing attempts: A list of current and past security alerts can be found at www.it.ubc.ca/phishing. If in doubt about the authenticity of an email you have received, check here to see if it has already been identified as a fraud attempt.

5. Contact your IT department: If you are uncertain about a specific email, it is better to contact your department’s IT staff before clicking on any links. If you do accidentally click on a link in an email that you think is fake, immediately close your web browser and inform your IT staff so that they can scan your computer. Sometimes simply clicking on the link without even entering anything on the website can infect your computer with a virus. Report suspicious email by forwarding the message along with full headers to security@ubc.ca.

Giving away email credentials can result in serious problems for everyone at UBC. If an email account is compromised, it can be used to send thousands of spam messages across the Internet. As this new spam email is from an official UBC address, many email providers (such as Gmail and Hotmail) begin to block email coming from all UBC addresses. This can have a significant impact on your ability to send out email to students or to colleagues at other institutions.

If you have any further questions or concerns, please contact your department’s IT support staff or the UBC IT Service Centre (604-822-2008).
Oliver Grüter-Andrew
Chief Information Officer
The University of British Columbia